If you are evaluating this module for use, please read this issue.

Overview

The Route Basic Authentication module protects configured routes with HTTP basic authentication. The routes are configured with the Drupal route name (described as machine name in the structure of routes documentation), for example the login: user.login. The HTTP methods (GET, POST, PUT, DELETE, ...) that should be protected by HTTP basic authentication are also configured for each route. A site wide username and password is used, configurable on the settings page (Administration » Configuration » System » Route Basic Authentication settings).

Features

  • Protect configured Drupal routes with HTTP basic authentication.
  • Protected route HTTP methods configurable.
  • Site wide username and password for HTTP basic authentication.
  • IP address based flood protection.

Installation

Install as you would normally install a contributed Drupal module. Visit:
https://www.drupal.org/docs/8/extending-drupal-8/installing-drupal-8-mod...
for further information.

Configuraton

  • Configure user permissions in Administration » People » Permissions:
    • Change the Route Basic Authentication settings:
      Permission to change the module settings.
  • Configure username and password on the settings page or route_basic_auth.settings.yml configuration file.
  • Configure the routes that should be protected with HTTP basic authentication in the route_basic_auth.settings.yml configuration file (Currently not editable in the UI).
    • Use the following format:
      protected_routes:
      # The name of the key, here "user_login" does not matter.
      user_login:
        name: 'user.login'
        methods:
          - 'GET'
      user_login_http:
        name: 'user.login.http'
        methods:
          - 'POST'

Requirements

  • This module requires Drupal 8.6 or above.
  • No additional modules are needed.

Example use cases

  • Protect the login page with HTTP basic authentication to add an extra layer of security.
  • Protect a webhook endpoint for incoming requests from a service such as MailJet.
  • ...

Related modules

  • Shield: Protects pages with HTTP basic authentication - now has path inclusion/exclusion capabilities.
  • HTTP Auth: Protects /user and /admin pages with HTTP basic authentication.
Supporting organizations: 
Sitback Solutions
Maintenance from 2024
Merkle
Initial development

Project information

Releases

2.0.0 Stable release covered by the Drupal Security Team released 29 June 2024
Works with Drupal: ^10 || ^11
Install:

Development version: 2.x-dev updated 29 Jun 2024 at 03:54 UTC

8.x-1.1 Stable release covered by the Drupal Security Team released 29 June 2024
Works with Drupal: ^8 || ^9 || ^10 || ^11
Install:

Development version: 8.x-1.x-dev updated 29 Jun 2024 at 01:00 UTC

Using Composer to manage Drupal site dependencies